ตัวอย่าง

$wgGroupPermissions['*']['read']=false;# The following line is not actually necessary, since it's in the defaults. Setting '*' to false doesn't disable rights for groups that have the right separately set to true!$wgGroupPermissions['user']['read']=true;

This example will disable editing of all pages, then re-enable for users with confirmed email addresses only:

# ปิดการใช้งานสำหรับทุกคน$wgGroupPermissions['*']['edit']=false;# Disable for users, too: by default 'user' is allowed to edit, even if '*' is not.$wgGroupPermissions['user']['edit']=false;# Make it so users with confirmed email addresses are in the group.$wgAutopromote['emailconfirmed']=APCOND_EMAILCONFIRMED;# Hide group from user list.$wgImplicitGroups[]='emailconfirmed';# Finally, set it to true for the desired group.$wgGroupPermissions['emailconfirmed']['edit']=true;

Creating a new group and assigning permissions to it

You can create new user groups by defining permissions for the according group name in $wgGroupPermissions['<group-name>'] where <group-name> is the actual name of the group.

Additionally to assigning permissions, you should create these three wiki pages with fitting content:

MediaWiki:Group-<group-name> (content: Name of the group)

MediaWiki:Group-<group-name>-member (content: Name of a member of the group)

Removing predefined groups

MediaWiki out of the box comes with a number of predefined groups.
Most of these groups can be removed by unsetting the according array keys, among them $wgGroupPermissions['<group-name>'].
For details see below.

ตัวอย่าง

This example will eliminate the bureaucrat group entirely.
It is necessary to ensure that all six of these variables are unset for any group that one wishes to remove from being listed at Special:ListGroupRights; however, merely unsetting $wgGroupPermissions will suffice to remove it from Special:UserRights.
This code should be placed after any require_once lines that add extensions such as Extension:Renameuser containing code that gives bureaucrats group permissions by default.

In some extensions (Flow, Semantic MediaWiki, etc.), rights are added during extension registration or in a registration function. In this case, it could be necessary to use a registration function in LocalSettings.php to remove some predefined user groups:

Note on the group called “user”

With the above mechanism, you can remove the groups sysop, bureaucrat and bot, which - if used - can be assigned through the usual user permission system.
However, it is currently impossible to remove the user group.
This group is not assigned through the usual permission system.
Instead, every logged in user automatically is member of that group.
This is hardcoded in MediaWiki and currently cannot be changed easily.

List of permissions

The following user rights are available in the latest version of MediaWiki.
If you are using an older version, look at “Special:Version” on your wiki and see if your version is covered in the “Versions” column.

Setting the user right"read" (allow viewing pages) to false will only protect wiki (article, talk, ...) pages, but uploaded files (images, files, docs... in the $wgUploadPath subdirectories) will always remain readable via direct access by default.
Use the information from Manual:Image Authorisation and img_auth.php pages when you have the need to restrict image views and file download access to only logged-in users.

ลบและกู้คืนรุ่นจำเพาะของหน้า - allows deleting/undeleting information (revision text, edit summary, user who made the edit) of specific revisions Split into deleterevision and deletelogentry in 1.20 (not available by default)

Although these permissions all control separate things, sometimes to perform certain actions you need multiple permissions. For example allowing people to edit but not read pages doesn't make sense, since in order to edit a page you must first be able to read it (Assuming no pages are whitelisted). Allowing uploads but not editing does not make sense, since in order to upload an image you must implicitly create an image description page, etc.

List of groups

The following groups are available in the latest version of MediaWiki.
If you are using an older version then some of these may not be implemented.

From MW 1.12, you can create your own groups into which users are automatically promoted (as with autoconfirmed and emailconfirmed) using $wgAutopromote.
You can even create any custom group by just assigning rights to them.

// create ninja-powers right$wgAvailableRights[]='ninja-powers';//add ninja-powers to the ninja-group$wgGroupPermissions['ninja']['ninja-powers']=true;//add ninja-powers to the 'basic' grant so we can use our ninja powers over an API request$wgGrantPermissions['basic']['ninja-powers']=true;

You also need to add right-[name] and action-[name] interface messages to /languages/i18n/en.json (with documentation in qqq.json).
The right-* messages can be seen on Special:ListGroupRights and the action-* messages are used in a sentence like "You do not have permission to ...".